Beginning in January 2023, OIT will implement new email security features to help students, faculty and staff better recognize phishing emails. These new security measures utilize mailbox intelligence and recognize email user patterns.
Outlook will provide safety tips for inbound mail that comes from new or unusual senders. Below is a screenshot example.
The mailbox intelligence will also better recognize impersonation attempts. UA students, faculty and staff often receive impersonation phishing emails where messages are sent from addresses similar to a known contact. If a message is marked as an impersonated user, it will be delivered to the recipient’s Junk folder and contain an alert.
This fall, OIT will begin sending simulated phishing emails to UA students, faculty and staff. The simulated phishing emails will imitate real phishing emails to better equip UA community members to recognize phishing attacks. Learn more on the OIT website.
On Monday, July 18, many UA students, faculty and staff received a scam email. The subject of the message was “NOTICE BY ADMIN VERIFY YOUR OFFICE 365”. This is not a message from UA or Microsoft Office 365. If you received this message, please mark it as spam in Outlook. If you have any questions, contact the IT Service Desk at 205-348-5555 or email@example.com.
On Saturday, July 16, many UA students, faculty and staff received a scam email. The subject of the message was “MEMO FROM HR”. This is not a message from UA Human Resources or Microsoft Office 365. If you received this message, please mark it as spam in Outlook. If you have any questions, contact the IT Service Desk at 205-348-5555 or firstname.lastname@example.org.
Starting in July, OIT will be transitioning campus machines from McAfee antivirus to Microsoft Defender. OIT will be performing this software update remotely. Faculty and staff may notice a logo change in the toolbar; however, no action is required of end users. If machines are off campus, they will receive the new software when they return to campus or connect to VPN.
If you experience any issues please contact the IT Service Desk at email@example.com or 205-348-5555.
OIT Security has been made aware of a phishing attack targeting the Alabama.gov Procurement website.
A phishing/scam site has been set up that appears to look like the Alabama.gov website. If users were to visit this website and click the “CLICK HERE TO BID” button, it prompts for email login information. This is phishing scam that attempts to steal account credentials. If you receive any email directing you to this website, be sure and mark it as phishing in Outlook. Additional security tips are available on the OIT website.
Last year, Duo rolled out updates to its mobile application. This year, Duo is introducing a new look to the Duo prompt that users see when accessing applications. Below are examples of the old and new Duo prompts.
OIT will be applying the new prompt to various Duo-required applications throughout the spring semester. The largest change will occur on Wednesday, May 18 when OIT will apply the new look to Microsoft 365 and myBama.
The new prompt provides a visual and technical redesign. The new Duo prompt remembers a user’s last-used authentication method and displays that option by default. Users will not see other available login methods until they click “other options.” If push (recommended) is the last-used authentication method, Duo will automatically send a Duo push to the user’s device without needing to click a button.
Duo will continue to allow for push notifications, calls and passcodes. Please note, OIT recommends all UA students, faculty and staff use the push notification option as it provides additional login details in the mobile app.
Frequently Asked Questions
What’s different with the new Duo prompt?
The new look provides a visual and technical redesign of the traditional Duo prompt. The new prompt offers an updated appearance and a few noteworthy technical changes.
The new Duo prompt remembers a user’s last-used authentication method and displays that option by default. Users will not see other available login methods until they click “other options.” If push (recommended) is the last-used authentication method, Duo will automatically send a Duo push to the user’s device without needing to click a button.
Why do I see a “Trust browser” prompt after I log in?
Rather than checking a box to “remember me for 30 days” users can select to trust their browser. This option should only be used on personal machines that are password protected.
How can I edit or add a new device?
Users can add or edit their available devices by clicking “other options” in the prompt, then selecting “Manage devices.” From there, users can view a listing of current devices and make edits.
Wednesday, April 6 many UA students received a phishing email with the subject “Crimson email Portal Login”. Below is a screenshot of the message.
This phishing email used urgent language to trick students to steal login credentials. If you did click on the link and provide credentials, please change your myBama password immediately.
Remember to notice the red flags of phishing emails. Watch for grammar and spelling errors, review the sender’s email address, and hover over links before you click to see the web address. If you are not a DUO two-factor authentication user, please activate your account today. DUO can help protect sensitive information in your UA accounts.
If you received one of these emails, mark it as spam and delete it. If you have any questions or concerns, please contact the IT Service Desk at 205-348-5555 or firstname.lastname@example.org.
This week, Duo and Zoom have published that they no longer, or will soon no longer, offer service in certain countries and regions to comply with U.S. regulations. Duo and Zoom are both restricting service from users whose IP addresses originate in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.
OFAC restrictions relevant to Zoom currently apply to the following countries or regions:
OFAC restrictions relevant to Duo currently apply to the following countries or regions:
Beginning May 5, 2022, users attempting to authenticate to a Duo-protected application from an access device with an IP address originating in an OFAC-regulated country or region will be blocked from completing their login and receive an error message. For more information on Duo restrictions, visit the Duo Support website.
Apple has recently released updates to its various operating systems. These updates address multiple vulnerabilities, the most severe of which could lead to code execution that could resulting in installing malicious software or even viewing, changing or deleting data.
OIT recommends all Apple users install updates as soon as possible.
iOS and iPadOS prior to 15.3.1
macOS Monterey prior to 12.2.1
Safari prior to 15.3 (v. 166220.127.116.11.8 and 15618.104.22.168.8)
For Mac OS, users are often prompted to the latest version. However, users should not upgrade to Monterey without the latest version of McAfee antivirus software. If you’re not sure, please upgrade to the latest version of your current operating system. This is Big Sur for many users. Click More info to see upgrade options, then select to upgrade Big Sur and Safari. See the screenshots attached for further guidance.